Security Incidents: Re: How to read port scans

From: Jose Nazario <jose_at_BIOCSERVER.BIOC.CWRU.EDU>
Date: Thu, 8 Jun 2000 15:48:36 -0400

On Thu, 8 Jun 2000, Phil Curran wrote:

> I am new to auditing/reading port scanning documents. Are there any
> documents/books/urls that would be able to help me in understanding
> what I am reading/trying to analyze? Any help is greatly appreciated.

'Hacking Exposed' is pretty good, covering a pretty good number of
techniques. also go through the Phrack (http://www.phrack.com/) archives
for scanning techniques:

        http://phrack.infonexus.com/search.phtml?view&article=p49-15
        http://phrack.infonexus.com/search.phtml?view&article=p51-10
        http://phrack.infonexus.com/search.phtml?view&article=p51-11
        http://phrack.infonexus.com/search.phtml?view&article=p53-13

OS fingerprinting:
http://phrack.infonexus.com/search.phtml?view&article=p54-9

a simple NIDS (watcher)
http://phrack.infonexus.com/search.phtml?view&article=p53-11

northcutt's book is also excellent, Network Intrusion Detection : An
Analysis Handbook
http://www.amazon.com/exec/obidos/ASIN/0735708681/qid=960492995/sr=1-1/102-7315109-2117733

and of course download a smackload of scanners from Packetstorm
(http://packetstorm.securify.com/), one of the best repositories around of
tools.

i hope this helps you get started.

jose nazario jose_at_biochemistry.cwru.edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
Received on Jun 10 2000